SSL Certificate Installation on Internal Captive Portal
08-08-2019 12:47 PM
We just purchased some 310s.
We have setup Captive Portal for our Public WiFi network.
We found that when Captive Portal is enabled, public clients receive SSL browser warnings.
I understand that this is due to the fact that the Captive Portal is using a self-signed certificate.
Our Captive Portal page is just an "accept" page, no user credentials are exchanged.
Ideally, we would just disable HTTPS on the Captive Portal page. However, according to this forum post, https://community.arubanetworks.com/t5/Wireless-Access/Disable-HTTPS-on-Aruba-IAP-305-Captive-Portal/m-p/496913#M87648, there isn't a way to disable HTTPS on the Instant products.
So, I turn to installing a purchased certificate that browsers will 'accept.'
I found this post detailing how to install a certificate:
My question involves the installation of the certificate.
It sounds like I can create a CSR for a domain like public.ourdomain.com using a Windows PC. I can then purchase a certificate for public.ourdomain.com. Once I have converted the purchased certificate into a pem file, I can upload the pem file into the controller. This certificate will be shared across all APs. Once the purchased certificate is installed, public clients will load the public.ourdomain.com Captive Portal page without errors.
Is this accurate?
If so, do I need to setup any DNS entries for the public.ourdomain.com? Or add the public.ourdomain.com to the controller? Or will the controller automatically 'know' to use the new domain name when it brings up the captive portal page with the newly purchased certificate?
Thanks for your help.
Re: SSL Certificate Installation on Internal Captive Portal
08-09-2019 08:43 PM
yes when you install a HTTPS public cert on the virtual conroller (VC) it will get installed throughout that instant cluster.
then when you are using it for Captive portal, you should not get any warnings about trusting the cert. and you should have a valid DNS entry for your domain as well.